Kt

**Name of the Vulnerable Software and Affected Versions** Lenovo Personal Cloud Storage devices (affected versions not specified) **Description** An information disclosure issue was reported in some Lenovo Personal Cloud Storage devices. This could allow an unauthenticated user to retrieve device and networking details. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Lenovo Personal Cloud Storage devices (affected versions not specified) **Description** A weak default password for the serial port was reported, which could allow unauthorized device access to an attacker with physical access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Lenovo Personal Cloud Storage devices (affected versions not specified) **Description** A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices. This could allow unauthorized device access to an attacker with physical or local network access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Lenovo Personal Cloud Storage devices (affected versions not specified) **Description** A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Lenovo Personal Cloud Storage devices (affected versions not specified) **Description** A command injection issue was reported in Lenovo Personal Cloud Storage devices. This could allow an authenticated user to execute operating system commands by sending a crafted packet to the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.1 watchOS versions prior to 5.1 Safari versions prior to 12.0.1 iTunes versions prior to 12.9.1 iCloud for Windows versions prior to 7.8 **Description** The issue is related to multiple memory corruption problems that were addressed with improved memory handling. **Recommendations** For iOS versions prior to 12.1, update to version 12.1 or later. For watchOS versions prior to 5.1, update to version 5.1 or later. For Safari versions prior to 12.0.1, update to version 12.0.1 or later. For iTunes versions prior to 12.9.1, update to version 12.9.1 or later. For iCloud for Windows versions prior to 7.8, update to version 7.8 or later.